Towards dynamic risk management: Success likelihood of ongoing attacks

The proliferation of sophisticated cyberattacks, coupled with the steady growth of information and communication technology (ICT) systems in size and complexity, provides motivation for continuous improvements in security management. For day-to-day operation, security officers and administrators need an effective response (or decision-aid) system to handle ongoing cyberattacks. Effective countermeasures must minimize the risks induced by these attacks, noting that the risk is evaluated as a function of the success likelihood and the impact of an attack. In this paper, we demonstrate how to dynamically calculate the success likelihood (SL) for an ongoing attack by considering the progress of an attacker towards his objective. Afterwards, we present a response/decision-aid system based on the SL metric. Finally, we present the Success Likelihood Assessment Module (SLAM), which implements and highlights the relevance of our work for real-time security management. This paper focuses on the operational aspects of a security-by-design approach. © 2012 Alcatel-Lucent.
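The abstract states two ideas without spelling them out: risk is a function of success likelihood and impact, and the success likelihood of an ongoing attack should rise as the attacker progresses towards the objective. The following Python sketch is an added illustration of that reasoning, not the paper's method nor the SLAM module: it models an attack as an ordered list of steps with assumed per-step success probabilities, treats steps confirmed by alerts as already succeeded, recomputes SL and risk after each observation, and ranks candidate countermeasures by the residual risk they leave. The step names, probabilities, impact value and response catalogue are all constructed assumptions.

```python
import copy
from dataclasses import dataclass, field
from math import prod


@dataclass
class Step:
    name: str
    p_success: float          # assumed probability the attacker completes this step
    completed: bool = False   # True once an alert confirms the step has occurred


@dataclass
class Scenario:
    objective: str
    impact: float                              # assumed impact if the objective is reached
    steps: list[Step] = field(default_factory=list)

    def observe(self, step_name: str) -> None:
        """Record that detection confirmed a step (the attacker has progressed)."""
        for s in self.steps:
            if s.name == step_name:
                s.completed = True
                return
        raise KeyError(f"unknown step {step_name!r}")

    def success_likelihood(self) -> float:
        """SL of reaching the objective given the observed progress.

        Completed steps contribute probability 1 (they already happened);
        the remaining steps are assumed independent, so their probabilities
        multiply. SL therefore rises as the attacker advances.
        """
        return prod(1.0 if s.completed else s.p_success for s in self.steps)

    def risk(self) -> float:
        """Risk = success likelihood x impact (the two factors named in the abstract)."""
        return self.success_likelihood() * self.impact


def residual_risk(scenario: Scenario, target_step: str, p_after: float) -> float:
    """Risk remaining if a countermeasure lowers the success probability of
    target_step to p_after (assumed effect of the response).

    A countermeasure aimed at a step the attacker has already completed
    changes nothing; a progress-aware model exposes that, a static one hides it.
    """
    trial = copy.deepcopy(scenario)
    for s in trial.steps:
        if s.name == target_step and not s.completed:
            s.p_success = p_after
    return trial.risk()


def rank_responses(scenario: Scenario,
                   responses: dict[str, tuple[str, float]]) -> list[tuple[str, float]]:
    """Order candidate responses by the residual risk they leave, lowest first."""
    ranked = [(name, residual_risk(scenario, step, p))
              for name, (step, p) in responses.items()]
    return sorted(ranked, key=lambda item: item[1])


def build_example() -> Scenario:
    """Constructed scenario with assumed probabilities and impact."""
    return Scenario(
        objective="exfiltrate customer database",
        impact=100.0,
        steps=[
            Step("recon", 0.9),
            Step("exploit_web", 0.5),
            Step("privilege_escalation", 0.4),
            Step("lateral_move", 0.6),
            Step("exfiltrate", 0.8),
        ],
    )


# Constructed response catalogue: response -> (step it weakens, assumed new probability)
RESPONSES = {
    "patch_privesc": ("privilege_escalation", 0.05),
    "segment_network": ("lateral_move", 0.1),
    "block_egress": ("exfiltrate", 0.2),
    "reimage_web": ("exploit_web", 0.0),   # targets a step already behind the attacker
}


if __name__ == "__main__":
    sc = build_example()
    print(f"initial SL={sc.success_likelihood():.4f} risk={sc.risk():.2f}")
    for alert in ("recon", "exploit_web"):      # alerts arriving over time
        sc.observe(alert)
        print(f"after {alert}: SL={sc.success_likelihood():.4f} risk={sc.risk():.2f}")
    for name, r in rank_responses(sc, RESPONSES):
        print(f"{name:16s} residual risk={r:.2f}")
```

With the constructed numbers, SL starts at 0.0864 and climbs to 0.192 once reconnaissance and the web exploit are confirmed; the ranking then places the response that weakens the next uncompleted step first and shows that re-imaging the already-compromised web host leaves the risk unchanged. Real deployments would replace the independence assumption and the hand-set probabilities with attack-graph or historical data, which is the part this sketch does not attempt.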
